"Win32:Rootkit-gen [Rtk]" has been found in

[pimpv303]

Hi all,

ive gott a problemuntil the last avast update.

Run the update --> wanna play COD4 like every day --> COnnect --> And then this

YSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys" file. 
09.07.2008   17:15:19   1215616519   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys" file. 
09.07.2008   17:18:57   1215616737   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys" file. 
09.07.2008   17:19:18   1215616758   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINXP\system32\drivers\PnkBstrK.sys" file. 
09.07.2008   17:19:37   1215616777   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINXP\system32\drivers\PnkBstrK.sys" file. 
09.07.2008   17:19:48   1215616788   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINXP\system32\drivers\PnkBstrK.sys" file. 
09.07.2008   17:26:20   1215617180   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINXP\system32\drivers\PnkBstrK.sys" file. 
09.07.2008   17:27:03   1215617223   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys" file. 
09.07.2008   17:28:19   1215617299   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys" file. 
09.07.2008   17:29:05   1215617345   SYSTEM   1696   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\RECYCLER\S-1-5-21-2025429265-515967899-839522115-1003\De1.sys" file. 
09.07.2008   19:01:19   1215622879   planlos   1628   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys" file. 
09.07.2008   19:01:56   1215622916   planlos   1628   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINXP\system32\drivers\PnkBstrK.sys" file. 
09.07.2008   19:01:59   1215622919   planlos   1628   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINXP\system32\drivers\PnkBstrK.sys" file. 
09.07.2008   19:02:14   1215622934   planlos   1628   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINXP\system32\drivers\PnkBstrK.sys" file. 
09.07.2008   19:05:44   1215623144   planlos   1628   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINXP\system32\drivers\PnkBstrK.sys" file. 
09.07.2008   19:24:25   1215624265   planlos   1128   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys" file. 

Ive completly uninsatelled Punkbuster and reinstalled it.

But evey time i connect i get this message.

Could it be that this is a "wrong" message after the update? So avast thinks this file got root kit?

Plz tell me what to do    ive played COD4 every Day till one Year or so and no Problems.

Thx guys and sorry for my boring english

[Lisandro]

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

[ProctoR]

I get the same error/false positive virus warning with the same file, and also when I wanna play COD4

Never had any problems until today either

So I think you guys screwed up somewhere along the line

[Gialdo]

same here.

Here the link to VirusTotal Scan

http://www.virustotal.com/it/analisis/fac9baa7ce55f7c82ee6ab8303314287

This morning i played and i had no problems at all, updated avast and now no way to play 

I've just sent an email with the file. Hope you can sort the problem (FAST PLZ ).

[prevost]

I've been having the same problem here too: right after the update there is no way to play CoD4. It keeps saying that ''Win32:Rootkit-gen [Rtk] was found on C:\WINDOWS\system32\drivers\PnkBstrK.sys'' as soon as I get in a server. 

[Red_Eye_Jedi]

I'm getting the same problem too. All fine until this afternoon. Even scanned COD4 folder manually and got the same result. 


EDIT: Disabling Avast works but obviously it's not an ideal solution....

[bandolerojamrock]

I've been having the same problem here too: right after the update there is no way to play CoD4. It keeps saying that ''Win32:Rootkit-gen [Rtk] was found on C:\WINDOWS\system32\drivers\PnkBstrK.sys'' as soon as I get in a server. 

Exactly the same here!!!!! How long til it gets fixed/updated? This is killing me. I need COD4

[Klinger]

Aghhhhhhhhhhhhh - this is not cool and I am not a happy chappy.   The one evening I have free from wife and kids and the AVAST decides to put out an update the foobars Punk Buster so I can not play COD4.

I aint a happy man...... oh no.

PLEASE send an update!!!!!!!!

[Klinger]

On the pluss side the Tech advise on how to get past the error works and I can play okay now but I feel a little exposed.

Had to enter *\pnk*.sys as an exception which I do not like.

Please send an update with a fix and fixes......

[Death by Donut]

I've got the same problem too using CoD4 , trouble is I'm a bit of a PC dummy so I haven't got a clue what to do.#

Is it easy to fix?

DbD

[gregoryashby]

   Got the same thing... Sign of "Win32:Rootkit-gen [Rtk]" has been found in "E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys" file.
HELP!!! Iam 54 and I dont have that long :'(

[fuzion]

exactly the same issue
ive always known pb was a rootkit, but still...

[Lisandro]

fuzion and gregoryashby: use the Exclusion lists as a workaround.
Most probably the tomorrow virus database update will correct this false positive...

[gregoryashby]

 Thanks for the come back. I tried exclusion list...punkbuster is in the COD4 folder..I put COD4 folder in exclusion list, but no go same thing happens. Do I just put punkbuster in exclusion??

[Gialdo]

Thanks for the come back. I tried exclusion list...punkbuster is in the COD4 folder..I put COD4 folder in exclusion list, but no go same thing happens. Do I just put punkbuster in exclusion??

i tried it, no way :S